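// Authorize handles authentication with third party remote systems,
// such as github or bitbucket, and returns user data.
//
// The OAuth2 flow is driven by the "code" and "state" request values. On
// the first visit (no code) a random state value is written to the
// "gitlab_state" cookie and the user is redirected to the authorization
// URL carrying the same value; the function then returns (nil, nil). On
// the callback the "state" value must be non-empty and identical to the
// cookie, otherwise the redirect is rejected. A non-nil error is returned
// when the state check, the token exchange or the current-user lookup fails.
func (r *Gitlab) Authorize(res http.ResponseWriter, req *http.Request) (*model.Login, error) {
	host := httputil.GetURL(req)
	config := NewOauthConfig(r, host)

	code := req.FormValue("code")
	state := req.FormValue("state")

	// First leg: no authorization code yet, start the flow.
	if len(code) == 0 {
		random := GetRandom()
		httputil.SetCookie(res, req, "gitlab_state", random)
		http.Redirect(res, req, config.AuthCodeURL(random), http.StatusSeeOther)
		return nil, nil
	}

	// Second leg: the cookie is single-use, so drop it before validating.
	cookieState := httputil.GetCookie(req, "gitlab_state")
	httputil.DelCookie(res, req, "gitlab_state")
	// Reject an empty state explicitly: with neither a cookie nor a "state"
	// value both sides are "" and a bare equality check would pass, accepting
	// a callback that never went through the first leg.
	if state == "" || cookieState != state {
		return nil, fmt.Errorf("Error matching state in OAuth2 redirect")
	}

	trans := &oauth.Transport{
		Config: config,
		Transport: &http.Transport{
			Proxy: http.ProxyFromEnvironment,
			// r.SkipVerify is an operator setting; when true, certificate
			// verification is disabled for the token exchange.
			TLSClientConfig: &tls.Config{InsecureSkipVerify: r.SkipVerify},
		},
	}
	token, err := trans.Exchange(code)
	if err != nil {
		return nil, fmt.Errorf("Error exchanging token. %s", err)
	}

	client := NewClient(r.url, token.AccessToken, r.SkipVerify)
	user, err := client.CurrentUser()
	if err != nil {
		return nil, fmt.Errorf("Error retrieving current user. %s", err)
	}

	login := new(model.Login)
	login.ID = int64(user.Id)
	login.Access = token.AccessToken
	login.Secret = token.RefreshToken
	login.Login = user.Username
	login.Email = user.Email
	return login, nil
}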